News

Porn-wielding Zoom bombers disrupt Twitter hack court hearing

Uh-oh… someone didn’t lock their Zoom meeting down properly. That’s probably particularly important when the person charged is an alleged hacker.

Smashing Security podcast #190: Twitter hack arrests, email bad behaviour, and Fawkes vs facial recognition

Special guest Geoff White can’t resist using the podcast to promote his new book, “Crime Dot Com”, but other than that we also discuss the creepy (and apparently legal) way websites can find out your email and postal address even if you don’t give it to them, take a look at how the alleged Twitter hackers were identified, and learn about Fawkes – the technology fighting back at facial recognition.

Twitter says a “phone spear phishing” attack helped hackers – what’s that?

What’s a phone spear phishing attack? Twitter shares some more details related to its serious security breach earlier this month which saw celebrity accounts tweeting a cryptocurrency scam.

Zoom bug meant attackers could brute force their way into password-protected meetings

Zoom has patched a security hole that could have allowed attackers to break their way into password-protected private calls.

Read more in my article on the Hot for Security blog.

Smashing Security podcast #189: DNA cock-up, Garmin hack, and virtual kidnappings

Why are students faking their own kidnappings? What’s the story behind Garmin’s ransomware attack? And a genetic genealogy website suffers a hack or two.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ray REDACTED.

Thousands of websites at risk from critical WordPress commenting plugin vulnerability

A critical vulnerability in a third-party comments plugin installed on over 70,000 websites running WordPress could allow hackers to execute malicious code remotely.

If you’re using the wpDiscuz commenting plugin, make sure you’ve kept it up to date – or your website might be hijacked… or wiped.

Read more in my article on the Hot for Security blog.

Hacker plays cat-and-mouse with the EBRD’s Twitter account

The European Bank for Reconstruction and Development (EBRD) found itself very publicly tussling with a hacker on its Twitter account this morning.

Bank of Ireland fined €1.66 million after being tricked by fraudster

One of Ireland’s largest banks, Bank of Ireland, has been fined almost €1.7 million after regulators discovered it had failed to inform financial regulators and the police after a fraudster tricked them into transferring funds from a client’s account.

Read more in my article on the Hot for Security blog.

Google blames algorithm for adding porn titles to train station search results

If you searched on Google for details of your nearest train station in parts of New York state, you might be in for a rude surprise.

Garmin staggers back online after ransomware attack

Garmin’s online services are beginning to come back to life after it was hit badly by ransomware last week.

But did it pay a ransom to its attackers or not?

Over 1000 Twitter staff and contractors had access to internal tools that helped hackers hijack accounts

As Twitter and law enforcement agencies investigate the high profile attack against Twitter accounts, there is a clear lesson for other businesses to learn.

Read more in my article on the Bitdefender Business Insights blog.

Garmin knocked out by ransomware attack

Garmin, the wearable tech company famous for its GPS fitness trackers and activity smartwatches, is suffering a global outage – and ransomware appears to be to blame.